The NSA recommended switching to memory-safe programming languages

The US National Security Agency published a report analyzing the risks of vulnerabilities caused by memory errors, such as accessing a memory area after it has been freed and buffer overruns. Organizations are encouraged to move away, whenever possible, from programming languages such as C and C++ that leave memory management to the developer, in favor of languages that provide automatic memory management or perform memory-safety checks at compile time.

Recommended languages to reduce the risk of memory bugs include C#, Go, Java, Ruby, Rust, and Swift. As an example, the report cites statistics from Microsoft and Google, according to which about 70% of vulnerabilities in their software products are caused by unsafe memory handling. When it is not possible to migrate to more secure languages, organizations are advised to tighten their defenses by using additional compiler options, error detection tools, and operating system settings that make it harder to exploit vulnerabilities.

Source: opennet.ru
